> For the complete documentation index, see [llms.txt](https://docs.zapiet.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.zapiet.com/other-resources/vulnerability-reporting.md). # Vulnerability Reporting To report a security vulnerability (bug bounty): We only accept vulnerabilities with a CVSSv3 score of 5.0 or higher via email. Your submission should include: * Detailed instructions for reproducing the bug (Proof of Concept); * A screen capture of the bug execution on a Zapiet resource, either attached or linked; * Relevant reference links and associated CVEs. Disclaimer: Any external testing that disrupts the Confidentiality, Integrity, or Availability of Zapiet assets without prior agreement will be considered unlawful, and Zapiet may pursue legal action. To report an issue that has a security impact, please report to: Once a vulnerability report is received, Zapiet will acknowledge receipt within 3 business days and take the following steps to address the issue: * Zapiet will assess and verify the validity of the reported vulnerability. * The vulnerability will be classified by Zapiet according to its potential impact and severity. * Based on this assessment, Zapiet will create a remediation plan and work to implement a fix. In most cases, Zapiet aims to prepare and publish advisories for newly identified vulnerabilities within approximately 90 days of verification. Breakdowns of timelines are highlighted below: * **Critical (CVSS 9.0-10.0): 24 hours** - For vulnerabilities posing immediate risk * **High (CVSS 7.0-8.9): 7 days** - For significant security risks * **Medium (CVSS 4.0-6.9): 30 days** - For moderate risk vulnerabilities * **Low (CVSS 0.1-3.9): 90 days** - For limited impact vulnerabilities --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.zapiet.com/other-resources/vulnerability-reporting.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.